聊聊如何停止某個pod的流量

序

本文主要研究一下如何停止某個pod的流量

配置

# Copyright Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      containers:
      - name: ratings
        image: jvm-tools-demo:v2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        livenessProbe:
          httpGet:
            path: /actuator/health/liveness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /actuator/health/readiness
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        securityContext:
          runAsUser: 1000
        resources:
          # keep request = limit to keep this container in guaranteed class
          requests:
            cpu: 50m
            memory: 128Mi          
---

這裡我們配置了livenessProbe及readinessProbe

readinessProbe

org/springframework/boot/actuate/availability/ReadinessStateHealthIndicator.java

public class ReadinessStateHealthIndicator extends AvailabilityStateHealthIndicator {

    public ReadinessStateHealthIndicator(ApplicationAvailability availability) {
        super(availability, ReadinessState.class, (statusMappings) -> {
            statusMappings.add(ReadinessState.ACCEPTING_TRAFFIC, Status.UP);
            statusMappings.add(ReadinessState.REFUSING_TRAFFIC, Status.OUT_OF_SERVICE);
        });
    }

    @Override
    protected AvailabilityState getState(ApplicationAvailability applicationAvailability) {
        return applicationAvailability.getReadinessState();
    }

}

springboot的ReadinessStateHealthIndicator提供了/actuator/health/readiness用於檢測是否可以接收流量

變更

AvailabilityChangeEvent.publish(applicationContext, ReadinessState.REFUSING_TRAFFIC);
        return ReadinessState.REFUSING_TRAFFIC;

AvailabilityChangeEvent提供了publish方法，可以將ReadinessState變更為REFUSING_TRAFFIC

pods

kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
ratings-v1-54bf49c9bc-d88jb   1/1     Running   0          4m34s
ratings-v1-54bf49c9bc-dfjhh   1/1     Running   0          4m34s
ratings-v1-54bf49c9bc-flvcq   0/1     Running   0          4m34s

變更之後可以發現，k8s的get pods顯示其中一個pod的ready為0，這裡有個延時，取決於periodSeconds引數值，預設為10(s)

小結

透過配置pod的liveness和readiness，並在執行時變更springboot的ReadinessState變更為REFUSING_TRAFFIC，可以將該pod從流量中移除，同時整個服務的副本個數不會像變更label那樣多出來pod。

doc

• Configure Liveness, Readiness and Startup Probes